SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA
First Claim
1. A method comprising:
- identifying data to be stored;
- generating a first encryption key and a first decryption key;
- encrypting the data using the first encryption key;
- generating a data object identifier;
- generating a challenge public-private key pair for the data;
- reading an identifier for an accessing user;
- generating a coded user identifier from the user identifier by hashing;
- sending the coded user identifier to a server with a request for a message queue public key of the accessing user;
- receiving the message queue public key from the server;
- creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;
- encrypting the message object with the message queue public key;
- sending the encrypted message object to a message queue of the server associated with the coded user identifier;
- creating a data object using the data object identifier, the encrypted data, and the public challenge key;
- sending the data object to the server.
Abstract
The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.
6 Claims
1. A method comprising:
- identifying data to be stored;
- generating a first encryption key and a first decryption key;
- encrypting the data using the first encryption key;
- generating a data object identifier;
- generating a challenge public-private key pair for the data;
- reading an identifier for an accessing user;
- generating a coded user identifier from the user identifier by hashing;
- sending the coded user identifier to a server with a request for a message queue public key of the accessing user;
- receiving the message queue public key from the server;
- creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;
- encrypting the message object with the message queue public key;
- sending the encrypted message object to a message queue of the server associated with the coded user identifier;
- creating a data object using the data object identifier, the encrypted data, and the public challenge key;
- sending the data object to the server.

Dependent claims: 2, 3
4. A computer program product for providing private storage of data on a server within a network, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform a method comprising:
- identifying data to be stored;
- generating a first encryption key and a first decryption key;
- encrypting the data using the first encryption key;
- generating a data object identifier;
- generating a challenge public-private key pair for the data;
- reading an identifier for an accessing user;
- generating a coded user identifier from the user identifier by hashing;
- sending the coded user identifier to a server with a request for a message queue public key of the accessing user;
- receiving the message queue public key from the server;
- creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;
- encrypting the message object with the message queue public key;
- sending the encrypted message object to a message queue of the server associated with the coded user identifier;
- creating a data object using the data object identifier, the encrypted data, and the public challenge key;
- sending the data object to the server.

Dependent claims: 5, 6
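The steps recited in claims 1 and 4, followed by the accessing user's side, as an added example that is not part of the patent text. It assumes Node.js `crypto`, SHA-256 for the coded user identifier, a single AES-256-GCM key serving as both the first encryption and decryption key, RSA-OAEP for the message queue key, Ed25519 for the challenge pair, and a signed-nonce check as the use of that pair; the `server` object and every function name are hypothetical.

```javascript
// Added example (not from the patent). All algorithm choices and names are assumptions.
const crypto = require('crypto');

// Constructed in-memory stand-in for the server: it holds only hashes, ciphertext, public keys.
const server = { queueKeys: new Map(), queues: new Map(), objects: new Map() };
const codedId = (userId) => crypto.createHash('sha256').update(userId).digest('hex');
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Accessing user publishes a message queue public key under the coded identifier.
function registerUser(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  server.queueKeys.set(codedId(userId), publicKey);
  server.queues.set(codedId(userId), []);
  return privateKey;
}

// Owner side: the claimed steps, in order.
function storeAndShare(data, accessorId) {
  const key = crypto.randomBytes(32); // assumed symmetric: encryption key == decryption key
  const iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv('aes-256-gcm', key, iv);
  const encrypted = Buffer.concat([enc.update(data), enc.final()]);
  const id = crypto.randomBytes(16).toString('hex'); // data object identifier
  const challenge = crypto.generateKeyPairSync('ed25519');
  const coded = codedId(accessorId);
  const queuePub = server.queueKeys.get(coded); // stands in for the key request to the server
  const chal = challenge.privateKey.export({ type: 'pkcs8', format: 'der' }).toString('base64');
  const message = JSON.stringify({ id, key: key.toString('base64'), chal }); // fits one OAEP block
  server.queues.get(coded).push(crypto.publicEncrypt(oaep(queuePub), Buffer.from(message)));
  server.objects.set(id, { encrypted, iv, tag: enc.getAuthTag(), challengePub: challenge.publicKey });
  return id;
}

// Accessor side: open the queued message, answer the challenge, decrypt the data.
function retrieve(userId, queuePriv) {
  const sealed = server.queues.get(codedId(userId)).shift();
  const msg = JSON.parse(crypto.privateDecrypt(oaep(queuePriv), sealed).toString());
  const obj = server.objects.get(msg.id);
  // Assumed use of the challenge pair: sign a server nonce, verify with the stored public key.
  const nonce = crypto.randomBytes(32);
  const priv = crypto.createPrivateKey({ key: Buffer.from(msg.chal, 'base64'), format: 'der', type: 'pkcs8' });
  if (!crypto.verify(null, nonce, obj.challengePub, crypto.sign(null, nonce, priv))) {
    throw new Error('challenge failed');
  }
  const dec = crypto.createDecipheriv('aes-256-gcm', Buffer.from(msg.key, 'base64'), obj.iv);
  dec.setAuthTag(obj.tag);
  return Buffer.concat([dec.update(obj.encrypted), dec.final()]);
}
```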
Specification